Publish Advisories

GHSA-pcrj-w3m4-9qfj
GHSA-q476-2364-vgv3
GHSA-84xh-pwc6-7g4g
GHSA-26hx-622f-3855
GHSA-2q3p-f6j6-9qhj
GHSA-344h-xj76-vwrq
GHSA-3r8r-ch94-c42m
GHSA-44q9-wm73-vrf7
GHSA-7cr9-pfmp-g6m2
GHSA-7fmc-f7mg-gr67
GHSA-f3fp-jhfc-jp8q
GHSA-fvx8-q97q-cw73
GHSA-gwq9-wpwc-v9cf
GHSA-hr5f-g8f8-p354
GHSA-jcc8-69x6-295g
GHSA-mv5g-cf64-38cv
GHSA-qrpj-fx7w-27q9
GHSA-vr2h-fpfm-62g7
GHSA-vw27-7cgv-4xfw
GHSA-w9rv-x77p-3mvc

Author: advisory-database[bot]

advisories/unreviewed/2022/10/GHSA-pcrj-w3m4-9qfj/GHSA-pcrj-w3m4-9qfj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pcrj-w3m4-9qfj",
-  "modified": "2022-10-06T00:00:55Z",
+  "modified": "2025-11-12T15:31:27Z",
   "published": "2022-10-01T00:00:18Z",
   "aliases": [
     "CVE-2022-35155"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/shellshok3/Cross-Site-Scripting-XSS/blob/main/Bus%20Pass%20Management%20System%201.0.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://packetstormsecurity.com/files/168555/Bus-Pass-Management-System-1.0-Cross-Site-Scripting.html"
+    },
     {
       "type": "WEB",
       "url": "http://bus.com"

advisories/unreviewed/2022/10/GHSA-q476-2364-vgv3/GHSA-q476-2364-vgv3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q476-2364-vgv3",
-  "modified": "2022-10-06T00:00:55Z",
+  "modified": "2025-11-12T15:31:27Z",
   "published": "2022-10-01T00:00:18Z",
   "aliases": [
     "CVE-2022-35156"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://packetstormsecurity.com/files/168555/Bus-Pass-Management-System-1.0-Cross-Site-Scripting.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50543"
+    },
     {
       "type": "WEB",
       "url": "http://bus.com"

advisories/unreviewed/2025/02/GHSA-84xh-pwc6-7g4g/GHSA-84xh-pwc6-7g4g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-84xh-pwc6-7g4g",
-  "modified": "2025-11-03T21:32:35Z",
+  "modified": "2025-11-12T15:31:27Z",
   "published": "2025-02-05T18:34:46Z",
   "aliases": [
     "CVE-2025-23419"
@@ -38,7 +38,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-287"
+      "CWE-287",
+      "CWE-613"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-26hx-622f-3855/GHSA-26hx-622f-3855.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-26hx-622f-3855",
-  "modified": "2025-11-10T18:30:34Z",
+  "modified": "2025-11-12T15:31:28Z",
   "published": "2025-11-10T15:31:05Z",
   "aliases": [
     "CVE-2025-12480"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
+    },
     {
       "type": "WEB",
       "url": "https://www.triofox.com"

advisories/unreviewed/2025/11/GHSA-2q3p-f6j6-9qhj/GHSA-2q3p-f6j6-9qhj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2q3p-f6j6-9qhj",
-  "modified": "2025-11-11T18:30:16Z",
+  "modified": "2025-11-12T15:31:28Z",
   "published": "2025-11-11T18:30:16Z",
   "aliases": [
     "CVE-2025-13020"
   ],
   "details": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-11T16:15:39Z"

advisories/unreviewed/2025/11/GHSA-344h-xj76-vwrq/GHSA-344h-xj76-vwrq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-344h-xj76-vwrq",
+  "modified": "2025-11-12T15:31:29Z",
+  "published": "2025-11-12T15:31:29Z",
+  "aliases": [
+    "CVE-2025-62876"
+  ],
+  "details": "A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects  lightdm-kde-greeter. before 6.0.4.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62876"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62876"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-250"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T13:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3r8r-ch94-c42m/GHSA-3r8r-ch94-c42m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3r8r-ch94-c42m",
-  "modified": "2025-11-12T09:30:27Z",
+  "modified": "2025-11-12T15:31:29Z",
   "published": "2025-11-12T09:30:27Z",
   "aliases": [
     "CVE-2025-64403"
   ],
   "details": "Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of \"external data sources\". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links \nto be loaded without prompt.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -31,7 +36,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-12T09:15:41Z"

advisories/unreviewed/2025/11/GHSA-44q9-wm73-vrf7/GHSA-44q9-wm73-vrf7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44q9-wm73-vrf7",
+  "modified": "2025-11-12T15:31:29Z",
+  "published": "2025-11-12T15:31:29Z",
+  "aliases": [
+    "CVE-2025-11565"
+  ],
+  "details": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11565"
+    },
+    {
+      "type": "WEB",
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-315-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-315-01.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-12T14:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7cr9-pfmp-g6m2/GHSA-7cr9-pfmp-g6m2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7cr9-pfmp-g6m2",
-  "modified": "2025-11-12T09:30:27Z",
+  "modified": "2025-11-12T15:31:29Z",
   "published": "2025-11-12T09:30:27Z",
   "aliases": [
     "CVE-2025-64401"
   ],
   "details": "Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used \"floating frames\" linked to external files would \nload the contents of those frames without prompting the user for \npermission to do so.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\n\nThe LibreOffice suite reported this issue as CVE-2023-2255",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-12T09:15:40Z"

advisories/unreviewed/2025/11/GHSA-7fmc-f7mg-gr67/GHSA-7fmc-f7mg-gr67.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7fmc-f7mg-gr67",
-  "modified": "2025-11-12T12:30:26Z",
+  "modified": "2025-11-12T15:31:29Z",
   "published": "2025-11-12T12:30:26Z",
   "aliases": [
     "CVE-2025-59118"
   ],
   "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.03.\n\nUsers are recommended to upgrade to version 24.09.03, which fixes the issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -43,7 +48,7 @@
     "cwe_ids": [
       "CWE-434"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-12T10:15:43Z"